Kerberos, LDAP, THEN Local authentication?
I work in a mid-sized department inside a big organization and I have a question regarding authentication.
Currently, our department gives all Linux users a username and password for their computing accounts that is separate from their other ID and password.
We now want to move to the organization's central IT authentication to get out of the password business and to provide users with a single sign-on solution.
Our organization uses Kerberos + LDAP for authentication/authorization.
I've set up a test machine and it works - anyone with a valid organization ID and password can log in. Therein lies the problem!
I don't want everyone to be able to log in, only those in our department. How do I restrict or impose further security so that only our department's users can gain authentication and log in to the machine?
Thanks for any help!